
[ukash] virus - request for help!

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.


Post by Sunnade, 18 Aug 2012, 00:53

I can see there are plenty of similar threads, but I don't want to piggyback on others, so I started my own. I am turning to the users of this forum with a big request for help in dealing with this 'problem', namely this trojan. :evil: I have never had any 'encounters' with viruses of this kind, etc., but since my younger siblings started using the computer, this problem has happened to me. :lipa: I am a beginner when it comes to my adventures with viruses, so please explain everything to me step by step in fairly simple terms. :) I tried to remove the virus with HitmanPro in safe mode, but without success. That is why I decided to start this thread. Thank you all very much in advance for your help :wink:

Below I am posting the logs from OTL (sorry they are not attached, but I could not find those files; I did the rest as instructed (I removed Daemon Tools and the sptd.sys file)) :ok: :

Code:
OTL logfile created on: 2012-08-18 00:39:56 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Piotrek\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,60 Gb Available Physical Memory | 30,03% Memory free
4,24 Gb Paging File | 2,54 Gb Available in Paging File | 59,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50,00 Gb Total Space | 5,53 Gb Free Space | 11,06% Space Free | Partition Type: NTFS
Drive D: | 182,88 Gb Total Space | 46,96 Gb Free Space | 25,68% Space Free | Partition Type: NTFS
Drive E: | 3,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PIOTREK-PC | User Name: Piotrek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-08-17 23:59:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Piotrek\Downloads\OTL.exe
PRC - [2012-08-03 07:52:14 | 000,874,896 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012-05-26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Piotrek\AppData\Local\Akamai\netsession_win.exe
PRC - [2012-03-07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2012-02-26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012-02-16 15:29:02 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2011-12-03 19:58:26 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011-08-03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-08-03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2012-03-07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:[b]64bit:[/b] - [2008-01-19 10:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2008-01-19 10:00:52 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-08-14 23:04:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-07-10 19:45:35 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2011-12-03 19:58:26 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011-11-16 18:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011-08-03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-08-03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-04-25 05:55:00 | 004,066,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-03-30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012-03-14 08:40:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\epfwwfpr.sys -- (epfwwfpr)
DRV:[b]64bit:[/b] - [2012-03-14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\eamonm.sys -- (eamonm)
DRV:[b]64bit:[/b] - [2012-03-14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2012-02-29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2010-06-23 10:21:34 | 000,318,568 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:[b]64bit:[/b] - [2010-04-28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:[b]64bit:[/b] - [2009-10-01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:[b]64bit:[/b] - [2008-01-19 09:09:56 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:[b]64bit:[/b] - [2005-03-29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2005-01-01 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchya.com/?s=0&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1QzutDtDtC0DyCtDyByEyCyEyDyDyCtByE0DtN0D0Tzu0CtBtCzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=342757190
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}: "URL" = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1QzutDtDtC0DyCtDyByEyCyEyDyDyCtByE0DtN0D0Tzu0CtBtCzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=342757190
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchya.com/?s=0&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1QzutDtDtC0DyCtDyByEyCyEyDyDyCtByE0DtN0D0Tzu0CtBtCzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=342757190
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}: "URL" = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1QzutDtDtC0DyCtDyByEyCyEyDyDyCtByE0DtN0D0Tzu0CtBtCzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=342757190
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2417076
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=1&barid={D40B5AE4-A5AC-11E1-9CAB-9827EBC11789}&q={searchTerms}&barid={D40B5AE4-A5AC-11E1-9CAB-9827EBC11789}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://domredi.com/1/
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://domredi.com/1/
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..\URLSearchHook: {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - No CLSID value found
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - No CLSID value found
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}: "URL" = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1QzutDtDtC0DyCtDyByEyCyEyDyDyCtByE0DtN0D0Tzu0CtBtCzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=342757190
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2417076
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=1&barid={D40B5AE4-A5AC-11E1-9CAB-9827EBC11789}&q={searchTerms}&barid={D40B5AE4-A5AC-11E1-9CAB-9827EBC11789}
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..\SearchScopes\{EF9AE371-66DF-4B3C-B6A1-4A86078B2861}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=382950&p={searchTerms}
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>



[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3:  File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-06-28 09:10:09 | 000,000,000 | ---D | M]


[color=#E56717]========== Chrome  ==========[/color]

CHR - homepage: http://search.bearshare.net
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.bearshare.net
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Piotrek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Piotrek\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: SpeedDial = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\

O1 HOSTS File: ([2006-09-18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:[b]64bit:[/b] - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-247997679-3088840132-2315766782-1000..\Run: [Akamai NetSession Interface] C:\Users\Piotrek\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-247997679-3088840132-2315766782-1000..\Run: [taskmsr] C:\Users\Piotrek\AppData\Roaming\taskmsr\taskmsr.exe ()
O4 - HKU\S-1-5-21-247997679-3088840132-2315766782-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-247997679-3088840132-2315766782-1001..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-247997679-3088840132-2315766782-1001\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-21-247997679-3088840132-2315766782-1001\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-21-247997679-3088840132-2315766782-1001\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-21-247997679-3088840132-2315766782-1001\..Trusted Domains: sony.com ([]* in )
O16:[b]64bit:[/b] - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.134.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A821BE7-CDDF-42E4-9A1E-022A98136C0A}: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\avldr: DllName - (avldr64.dll) -  File not found
O22:[b]64bit:[/b] - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005-02-25 18:24:44 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{281f1ccc-d46f-11e0-84f9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{281f1ccc-d46f-11e0-84f9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{281f1d30-d46f-11e0-84f9-b35e48e505c6}\Shell - "" = AutoRun
O33 - MountPoints2\{281f1d30-d46f-11e0-84f9-b35e48e505c6}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{4756a6e0-d472-11e0-a9c7-001d60746455}\Shell - "" = AutoRun
O33 - MountPoints2\{4756a6e0-d472-11e0-a9c7-001d60746455}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{4995d232-f271-11e0-b09a-001e101f859f}\Shell - "" = AutoRun
O33 - MountPoints2\{4995d232-f271-11e0-b09a-001e101f859f}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{4995d234-f271-11e0-b09a-001e101f859f}\Shell - "" = AutoRun
O33 - MountPoints2\{4995d234-f271-11e0-b09a-001e101f859f}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{a9df88df-f57b-11e0-9904-001d60746455}\Shell - "" = AutoRun
O33 - MountPoints2\{a9df88df-f57b-11e0-9904-001d60746455}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{af22a856-077d-11e1-884b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{af22a856-077d-11e1-884b-806e6f6e6963}\Shell\AutoRun\command - "" = J:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-08-17 23:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Checker
[2012-08-17 23:52:58 | 000,081,408 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\devcon_x64.exe
[2012-08-17 23:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Checker
[2012-08-17 22:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012-08-17 22:47:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012-08-16 11:41:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012-08-16 11:41:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012-08-16 11:41:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012-08-16 11:41:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012-08-16 11:41:45 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012-08-16 11:41:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012-08-16 11:41:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012-08-16 11:41:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012-08-16 11:41:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012-08-16 11:41:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012-08-16 11:41:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012-08-16 11:41:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012-08-16 11:41:41 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012-08-16 11:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012-08-15 22:11:31 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\Mozilla
[2012-08-15 22:10:21 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\Documents\The Lord of the Rings Online
[2012-08-15 22:10:21 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\The Lord of the Rings Online
[2012-08-15 21:53:11 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\Turbine
[2012-08-15 21:43:26 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\ApplicationHistory
[2012-08-15 21:40:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2012-08-15 21:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine
[2012-08-15 18:57:35 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\Documents\FIFA 12
[2012-08-15 09:44:03 | 000,788,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012-08-15 09:44:02 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2012-08-15 09:43:41 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012-08-13 15:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\media center programs
[2012-08-08 19:51:02 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\Documents\Diablo III
[2012-08-08 11:52:08 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\MusicNet
[2012-08-08 11:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\8112
[2012-08-08 11:51:51 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\Documents\My Received Files
[2012-08-06 22:50:13 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\Audacity
[2012-08-02 16:28:34 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\Desktop\vat
[2012-08-01 17:14:21 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\Awesomium
[2012-08-01 17:13:38 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\Documents\BrawlBusters
[2012-08-01 17:11:18 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brawl Busters
[2012-08-01 15:06:50 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\F4
[2012-08-01 15:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\F4
[2012-08-01 15:05:02 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\F4
[2012-07-30 21:51:31 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\PowerChallenge
[2012-07-29 19:14:17 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\PMB Files
[2012-07-29 19:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012-07-19 18:01:57 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\.funcom

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-08-18 00:46:00 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-08-18 00:36:15 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-08-18 00:36:14 | 000,003,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-08-18 00:36:14 | 000,003,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-08-18 00:36:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-08-18 00:36:05 | 2146,623,488 | -HS- | M] () -- C:\hiberfil.sys
[2012-08-18 00:04:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-08-16 11:47:33 | 000,377,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-08-16 11:27:12 | 000,000,836 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012-08-15 21:43:26 | 000,000,095 | ---- | M] () -- C:\Users\Piotrek\AppData\Local\fusioncache.dat
[2012-08-15 21:43:01 | 001,558,198 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-08-15 21:43:01 | 000,684,860 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012-08-15 21:43:01 | 000,607,470 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-08-15 21:43:01 | 000,137,080 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012-08-15 21:43:01 | 000,108,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-08-15 21:39:20 | 000,000,715 | ---- | M] () -- C:\Users\Piotrek\Desktop\The Lord of the Rings Online.lnk
[2012-08-14 23:48:11 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012-08-14 23:04:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-08-14 23:04:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-08-07 11:34:45 | 001,503,948 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-08-06 22:38:58 | 000,384,835 | ---- | M] () -- C:\Users\Piotrek\AppData\Local\speeddial.crx
[2012-07-29 22:51:23 | 000,031,744 | ---- | M] () -- C:\Users\Piotrek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-07-25 11:48:07 | 000,551,426 | ---- | M] () -- C:\Users\Piotrek\Desktop\Scan.pdf
[2012-07-23 10:52:50 | 000,044,542 | ---- | M] () -- C:\Users\Piotrek\Desktop\PotwierdzenieTransakcji_20120723_105153.pdf

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-08-18 00:19:39 | 2146,623,488 | -HS- | C] () -- C:\hiberfil.sys
[2012-08-16 11:27:12 | 000,000,836 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012-08-16 11:08:36 | 000,001,836 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012-08-16 11:08:36 | 000,001,780 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2012-08-16 11:08:36 | 000,001,759 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012-08-15 21:43:26 | 000,000,095 | ---- | C] () -- C:\Users\Piotrek\AppData\Local\fusioncache.dat
[2012-08-15 21:39:20 | 000,000,715 | ---- | C] () -- C:\Users\Piotrek\Desktop\The Lord of the Rings Online.lnk
[2012-08-06 22:50:03 | 000,000,833 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk
[2012-08-06 22:39:10 | 000,384,835 | ---- | C] () -- C:\Users\Piotrek\AppData\Local\speeddial.crx
[2012-07-25 11:48:06 | 000,551,426 | ---- | C] () -- C:\Users\Piotrek\Desktop\Scan.pdf
[2012-07-23 10:52:50 | 000,044,542 | ---- | C] () -- C:\Users\Piotrek\Desktop\PotwierdzenieTransakcji_20120723_105153.pdf
[2012-06-15 16:27:44 | 001,558,198 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-05-28 09:23:37 | 000,005,504 | ---- | C] () -- C:\Users\Piotrek\ksw32.lc
[2011-12-03 19:58:34 | 000,270,240 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011-12-03 19:58:26 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011-10-21 17:58:20 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011-09-25 07:46:23 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011-09-24 23:24:04 | 000,000,872 | RHS- | C] () -- C:\Users\Piotrek\ntuser.pol
[2011-09-24 18:43:13 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011-09-24 18:42:18 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011-09-24 18:41:35 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011-09-08 08:56:47 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2011-09-01 16:48:25 | 000,031,744 | ---- | C] () -- C:\Users\Piotrek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-09-01 13:53:44 | 000,000,000 | ---- | C] () -- C:\Users\Piotrek\AppData\Roaming\chrtmp
[2011-09-01 13:47:05 | 000,000,680 | ---- | C] () -- C:\Users\Piotrek\AppData\Local\d3d9caps.dat
[2011-09-01 10:12:48 | 000,001,460 | ---- | C] () -- C:\Users\Piotrek\AppData\Local\d3d9caps64.dat
[2011-08-03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[color=#E56717]========== LOP Check ==========[/color]

[2012-06-06 13:46:08 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Aeria Games & Entertainment
[2011-11-22 10:45:18 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\All Free Disc Burner
[2012-08-07 12:57:19 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Audacity
[2012-08-13 18:10:02 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Awesomium
[2011-10-09 20:54:13 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\blueconnect
[2012-08-17 23:01:51 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\DAEMON Tools Lite
[2012-08-17 23:01:51 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\DAEMON Tools Pro
[2011-11-23 04:31:21 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\DMCache
[2012-08-01 15:06:17 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\F4
[2012-04-07 16:45:40 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\FOG Downloader
[2012-07-05 06:37:56 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Gadu-Gadu 10
[2011-11-23 04:31:52 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\IDM
[2011-11-30 19:13:32 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\LolClient
[2012-06-23 11:36:08 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\LolClient2
[2012-08-08 11:52:08 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\MusicNet
[2011-11-05 09:09:24 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\OpenCandy
[2011-10-23 19:57:36 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\OpenFM
[2011-09-01 13:43:48 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Opera
[2012-01-13 01:21:57 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Origin
[2012-06-28 09:06:29 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Panda Security
[2012-03-10 22:18:19 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\PhotoScape
[2012-03-29 11:42:00 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Podatnik.info
[2011-11-05 15:35:18 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Sports Interactive
[2011-11-16 00:48:29 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Systweak
[2012-06-28 00:22:05 | 000,000,000 | RHSD | M] -- C:\Users\Piotrek\AppData\Roaming\taskmsr
[2011-11-03 09:13:22 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Three Rings Design
[2012-05-22 22:08:37 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Tibia
[2012-05-16 07:30:02 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Tibiacast
[2012-02-11 13:22:38 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Unity
[2011-09-01 22:44:11 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\VS Revo Group
[2012-06-10 13:38:00 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\wargaming.net
[2012-08-18 00:35:16 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6BE50C2B
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:1CE11B51

< End of report >


OTL Extras logfile created on: 2012-08-18 00:39:56 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Piotrek\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,60 Gb Available Physical Memory | 30,03% Memory free
4,24 Gb Paging File | 2,54 Gb Available in Paging File | 59,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50,00 Gb Total Space | 5,53 Gb Free Space | 11,06% Space Free | Partition Type: NTFS
Drive D: | 182,88 Gb Total Space | 46,96 Gb Free Space | 25,68% Space Free | Partition Type: NTFS
Drive E: | 3,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PIOTREK-PC | User Name: Piotrek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-247997679-3088840132-2315766782-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = ED A5 3D 5D 2D 7A CC 01  [binary data]
"VistaSp2" = 43 3B 20 16 20 3E CD 01  [binary data]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C9A8E2-3643-407E-936B-1CF48E0FE996}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0B734EAC-39BF-4A04-89DA-B6576CA9946A}" = lport=139 | protocol=6 | dir=in | app=system |
"{0CBE66B3-4081-4351-8ADE-D0E8839BB291}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{259B9814-6822-49C8-A538-8B360227DE11}" = lport=445 | protocol=6 | dir=in | app=system |
"{28B9A6C4-9567-493D-89EB-AB044938D862}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{29578CA6-76C5-415C-8EB0-915878C48883}" = lport=138 | protocol=17 | dir=in | app=system |
"{297B460C-6C02-47FE-A6C7-1AA23B87DCBC}" = lport=56259 | protocol=17 | dir=in | name=pando media booster |
"{32B3709E-C284-49A3-AE73-ACC2C05AFD61}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{3A5E09AA-17B7-4AEF-9A71-0B7700DBDAA1}" = rport=138 | protocol=17 | dir=out | app=system |
"{4E6CE5E9-30FF-450E-AB1F-DE23EC52BC02}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{656BBB07-4342-49F7-B2B2-C6F7663A533E}" = lport=56259 | protocol=17 | dir=in | name=pando media booster |
"{88E983A3-ADF4-495D-982B-4F2E7F70EEE6}" = lport=49264 | protocol=6 | dir=in | name=akamai netsession interface |
"{89AEF181-76E2-435F-AB5D-EC2AE88C6FC9}" = rport=137 | protocol=17 | dir=out | app=system |
"{A876FFAE-F3CB-4748-AA6E-995C32340FEC}" = rport=139 | protocol=6 | dir=out | app=system |
"{AEDEA0E0-1A71-4582-8164-E7B73652462B}" = lport=56259 | protocol=6 | dir=in | name=pando media booster |
"{AF20EECF-1694-4D49-BB6C-CEAA138B783F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{B2D68804-B443-48BC-B88C-B58745DA4DED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B3B22366-ACEC-4BA3-A9B9-41053A906166}" = lport=137 | protocol=17 | dir=in | app=system |
"{B56F4A4B-C421-48D1-BEE4-E18E0DC537AC}" = lport=49583 | protocol=6 | dir=in | name=akamai netsession interface |
"{BDD20473-17F2-4A8E-B04B-AF2721F790F1}" = lport=56259 | protocol=6 | dir=in | name=pando media booster |
"{F82029C9-5358-40D9-BCE2-46D37027E568}" = rport=445 | protocol=6 | dir=out | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08D1D0C7-91E1-40C8-BB91-41A0B0D6DDAF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{11E6C02E-DBF2-44A6-B64D-D00FB84D57D0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{13091978-137E-4B42-85A7-0E72273EA5D2}" = protocol=6 | dir=in | app=d:\gry\brawl busters\bin\pbclient.exe |
"{1EFFABCD-AEE4-4CDB-A88C-2EF5D81578C4}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{21CC25F1-ABBA-422A-B426-9D33D75BECE8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{317BD1BB-E812-4A0D-B715-D15B81FE35F6}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{32A9D1EC-9F6E-4C61-8DCB-7C2CF4469548}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{332F2F06-E657-4EA4-9A2E-A246BCD3E3EB}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{3D988302-C7CA-4D30-AF61-F4B5B4A0B9B2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4CE94FF7-4029-4E09-96EE-14DE9A1FC929}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{52EF5E75-0BBE-496E-9C05-0D42FA23219E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{55754C6F-FD23-47D0-AB93-C13E05463705}" = protocol=17 | dir=in | app=d:\gry\brawl busters\bin\pbclient.exe |
"{56B0F59B-1005-40D5-AFD0-8D722CA600E4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{5D6C6078-D609-4DEE-A50E-915D566EA880}" = protocol=17 | dir=in | app=d:\gry\firefly studios\stronghold 2\stronghold2.exe |
"{5F6E4320-3426-4105-AB74-96810274FBBE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{64EF9285-F4E9-4BE4-9F32-1A7AEA7AFE0F}" = protocol=6 | dir=in | app=d:\gry\firefly studios\stronghold 2\stronghold2.exe |
"{69FEAD73-A6E6-41D9-BE86-DB8561121AC4}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6E9A521E-5BBD-47C9-9264-F8A12DC12222}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{6F887986-6232-4299-9322-98FC39DDEFC1}" = protocol=17 | dir=in | app=c:\users\piotrek\appdata\local\akamai\netsession_win.exe |
"{7AB07226-B1FC-4001-AFB9-886C3AF97D49}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{81B3A153-5379-4552-B5EE-F17F277B01BC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{871C48DE-BCF8-4725-A9A7-3EDCA79E6220}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8A71D87B-F9FA-463F-9028-3611911B26D2}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{9671E2BC-4D7F-4488-B73A-3347581703E4}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{A3BA0AAC-B4C9-4B13-9790-525CAEEE2B8D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{A684E1F4-552C-4F06-A058-510419C3E18F}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{ACE8973B-E959-4638-82F9-3C27EFD8661F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B05DE5C4-9815-4E0F-87FF-2CDAA124858F}" = protocol=6 | dir=in | app=d:\gry\brawl busters\bin\pblauncher.exe |
"{B38BA279-385C-4B16-8CE1-F35B4C5EC1CE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CB82B249-E0E4-4A09-BC22-F5217B77CD4E}" = protocol=17 | dir=in | app=d:\gry\brawl busters\bin\pblauncher.exe |
"{CF5477C3-400F-4F57-AB99-48A8D9705050}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{D4D59C3E-BBB0-436C-8149-AC70C41E80F4}" = protocol=6 | dir=in | app=c:\users\piotrek\appdata\local\akamai\netsession_win.exe |
"{EEC66491-EC8A-427C-AEC6-57E6496A84A7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F0E0CE59-05B5-4E09-BD0E-DA5D1240A64E}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{F40B0A00-E483-4E3F-846E-C542A7F3D1BD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FA91D791-132E-42B9-AE1D-8EE201147F78}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{FD239D70-F26C-473F-AAB6-023C50CACCD6}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{04D88C24-0348-4B35-AF24-C78EE949BD78}D:\gry\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=d:\gry\age of conan\conanpatcher.exe |
"TCP Query User{1E8B0FCB-7930-42D9-A2DD-9D825476930A}D:\gry\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=d:\gry\fifa 12\game\fifa.exe |
"TCP Query User{649F203C-DA0C-4707-8DBE-611C23ABFE90}D:\gry\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=d:\gry\age of conan\conanpatcher.exe |
"TCP Query User{75738D43-EDC0-4710-8440-D3AD51985D40}C:\users\piotrek\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\piotrek\appdata\local\akamai\netsession_win.exe |
"TCP Query User{8055448D-2F2F-4D17-A584-248AF71E695D}D:\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=d:\gadu-gadu 10\gg.exe |
"TCP Query User{A5A7EFF3-F61C-4A82-A461-59B5B811D948}D:\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=d:\gadu-gadu 10\gg.exe |
"TCP Query User{DE6C12EF-31CB-4F60-B58B-A339B9FA00A0}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{FDEE62EA-62BA-4CD7-858C-3FBD7CF47FBE}D:\gry\age of conan\ageofconandx10.exe" = protocol=6 | dir=in | app=d:\gry\age of conan\ageofconandx10.exe |
"UDP Query User{20B51502-C612-4A9A-93CB-EB7AAEDDF554}D:\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=d:\gadu-gadu 10\gg.exe |
"UDP Query User{24DFA03D-4465-4945-BDF1-1FCF6D5BA917}C:\users\piotrek\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\piotrek\appdata\local\akamai\netsession_win.exe |
"UDP Query User{2688BF11-0B58-474F-B216-314C94081274}D:\gry\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=d:\gry\age of conan\conanpatcher.exe |
"UDP Query User{295C1AAC-02FC-43F0-BECD-403656701E65}D:\gry\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=d:\gry\fifa 12\game\fifa.exe |
"UDP Query User{70E1CF45-0163-458D-B057-0713A2E5A2D8}D:\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=d:\gadu-gadu 10\gg.exe |
"UDP Query User{7453E592-17FA-4115-8743-23AB462CFBF8}D:\gry\age of conan\ageofconandx10.exe" = protocol=17 | dir=in | app=d:\gry\age of conan\ageofconandx10.exe |
"UDP Query User{A2A97E0D-7209-4287-8D82-2CC387F059BB}D:\gry\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=d:\gry\age of conan\conanpatcher.exe |
"UDP Query User{D9023C34-0849-4D03-8BBE-9DC49FE389FC}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{680D2E55-6FCC-4695-8741-3EA13DE4C898}" = ESET NOD32 Antivirus
"{713CDBCF-4352-4AB8-A288-90CEE3F3A8D1}" = HP Deskjet 1050 J410 series Badanie ulepszeń produktu
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A2ACDFC1-9355-4D92-BB53-01B81AD0ABC0}" = Bezpieczeństwo rodzinne usługi Windows Live
"{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{B2BF224C-9818-4942-BF11-8929859E53AE}" = HP Deskjet 1050 J410 series Podstawowe oprogramowanie urządzenia
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"UltSounds" = Schematy dźwięków systemu Windows
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D8CA8B-3F5F-4590-A0F3-36373BE97866}_is1" = Testy B
"{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3538DD8F-A0CF-4CB9-8B38-0963CAA509EA}" = Panda Antivirus Pro 2012
"{4D5219EC-BFF8-4B7F-AB92-6D827BB37CB0}" = Windows Live Messenger
"{51958BA7-21E4-4A8B-9098-CD8375BD17B2}" = Asystent rejestracji usługi Windows Live
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Pomoc
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0415-1000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath \gry\age of conan\conanpatcher{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}{90120000-0030-0000-0000-0000000FF1CE}MUI (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB614A6-719C-4A6E-A63E-831E0A35F62A}" = Windows Live Writer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA7B0DE4-E3CA-443F-B1CF-418431664C63}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.1 - Polish
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C35FE07E-24B5-410F-85B7-122087A0C7DD}" = Poczta usługi Windows Live
"{C5096D00-8B9C-41DB-8472-9D721E982DF0}" = Podstawowe programy Windows Live
"{C58BEC6C-D968-4FE3-8DD6-9FDC4278657B}" = Panda Antivirus Pro 2012
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E39C185F-1240-4BA7-A03B-4FD99805D63E}" = Galeria fotografii usługi Windows Live
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EE0D4117-9AEB-4021-9903-5536500CF5E8}" = Pit Pro 2011
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.07.00.8037
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Conan_is1" = Age of Conan: Unchained
"Akamai" = Akamai NetSession Interface
"Brawl Busters" = Brawl Busters
"Diablo III" = Diablo III
"Driver Checker_is1" = Driver Checker v2.7.4
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FIFA 12 (c) EA_is1" = FIFA 12 (c) EA version 1
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"Ksiega" = Ksiega
"Mafia II_is1" = Mafia II
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.01.1532" = Opera 12.01
"Tibia_is1" = Tibia
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Podstawowe programy Windows Live
"WinRAR archiver" = WinRAR 4.00 (32-bitowy)
"Znaki Drogowe_is1" = Znaki Drogowe

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-247997679-3088840132-2315766782-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"SOE Web Installer" = SOE Web Installer
"Winamp Detect" = Detektor Winampa

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2012-08-17 17:25:32 | Computer Name = Piotrek-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 2012-08-17 17:28:07 | Computer Name = Piotrek-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd ngen.exe, wersja 1.1.4322.573, sygnatura
czasowa 0x3e55926a, moduł powodujący błąd kernel32.dll, wersja 6.0.6002.18541,
sygnatura czasowa 0x4ec3e39f, kod wyjątku 0xc0000142, przesunięcie błędu 0x0006f52f,
identyfikator
procesu 0xd00, godzina rozpoczęcia aplikacji 0x01cd7cbf2eed72fa.

Error - 2012-08-17 17:30:25 | Computer Name = Piotrek-PC | Source = SideBySide | ID = 16842787
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe". Błąd w pliku manifestu lub w pliku zasad "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" w wierszu 8.  Tożsamość składnika
znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.  Odwołanie to
WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definicja to
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Użyj narzędzia
sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2012-08-17 18:08:49 | Computer Name = Piotrek-PC | Source = EventSystem | ID = 4609
Description =

Error - 2012-08-17 18:09:26 | Computer Name = Piotrek-PC | Source = SideBySide | ID = 16842787
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe". Błąd w pliku manifestu lub w pliku zasad "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" w wierszu 8.  Tożsamość składnika
znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.  Odwołanie to
WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definicja to
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Użyj narzędzia
sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2012-08-17 18:09:26 | Computer Name = Piotrek-PC | Source = SideBySide | ID = 16842787
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe". Błąd w pliku manifestu lub w pliku zasad "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" w wierszu 8.  Tożsamość składnika
znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.  Odwołanie to
WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definicja to
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Użyj narzędzia
sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2012-08-17 18:18:29 | Computer Name = Piotrek-PC | Source = System Restore | ID = 8193
Description =

Error - 2012-08-17 18:20:11 | Computer Name = Piotrek-PC | Source = SideBySide | ID = 16842787
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe". Błąd w pliku manifestu lub w pliku zasad "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" w wierszu 8.  Tożsamość składnika
znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.  Odwołanie to
WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definicja to
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Użyj narzędzia
sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2012-08-17 18:20:11 | Computer Name = Piotrek-PC | Source = SideBySide | ID = 16842787
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe". Błąd w pliku manifestu lub w pliku zasad "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" w wierszu 8.  Tożsamość składnika
znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.  Odwołanie to
WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definicja to
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Użyj narzędzia
sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2012-08-17 18:36:32 | Computer Name = Piotrek-PC | Source = SideBySide | ID = 16842787
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe". Błąd w pliku manifestu lub w pliku zasad "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" w wierszu 8.  Tożsamość składnika
znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.  Odwołanie to
WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definicja to
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Użyj narzędzia
sxstrace.exe, aby uzyskać szczegółową diagnozę.

[ System Events ]
Error - 2012-08-17 18:07:26 | Computer Name = Piotrek-PC | Source = sptd | ID = 262148
Description = Sterownik wykrył błąd wewnętrzny w swoich strukturach danych dla .

Error - 2012-08-17 18:08:29 | Computer Name = Piotrek-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 00:05:39 na 2012-08-18 było nieoczekiwane.

Error - 2012-08-17 18:08:39 | Computer Name = Piotrek-PC | Source = DCOM | ID = 10005
Description =

Error - 2012-08-17 18:08:49 | Computer Name = Piotrek-PC | Source = DCOM | ID = 10005
Description =

Error - 2012-08-17 18:08:53 | Computer Name = Piotrek-PC | Source = DCOM | ID = 10005
Description =

Error - 2012-08-17 18:08:57 | Computer Name = Piotrek-PC | Source = DCOM | ID = 10005
Description =

Error - 2012-08-17 18:09:08 | Computer Name = Piotrek-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2012-08-17 18:09:08 | Computer Name = Piotrek-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2012-08-17 18:20:39 | Computer Name = Piotrek-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2012-08-17 18:37:08 | Computer Name = Piotrek-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Post by defacto19, 18 Aug 2012, 13:27

Uninstall:
Update Manager for SweetPacks 1.0
Akamai NetSession Interface
SweetIM for Messenger 3.6

Run OTL and paste the following into the "Własne opcje skanowania/Skrypt" (Custom Scans/Fixes) section:

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchya.com/?s=0&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1QzutDtDtC0DyCtDyByEyCyEyDyDyCtByE0DtN0D0Tzu0CtBtCzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=342757190
IE:64bit: - HKLM\..\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}: "URL" = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1QzutDtDtC0DyCtDyByEyCyEyDyDyCtByE0DtN0D0Tzu0CtBtCzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=342757190
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchya.com/?s=0&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1QzutDtDtC0DyCtDyByEyCyEyDyDyCtByE0DtN0D0Tzu0CtBtCzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=342757190
IE - HKLM\..\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}: "URL" = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1QzutDtDtC0DyCtDyByEyCyEyDyDyCtByE0DtN0D0Tzu0CtBtCzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=342757190
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2417076
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=1&barid={D40B5AE4-A5AC-11E1-9CAB-9827EBC11789}&q={searchTerms}&barid={D40B5AE4-A5AC-11E1-9CAB-9827EBC11789}
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://domredi.com/1/
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://domredi.com/1/
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..\URLSearchHook: {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - No CLSID value found
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - No CLSID value found
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}: "URL" = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1QzutDtDtC0DyCtDyByEyCyEyDyDyCtByE0DtN0D0Tzu0CtBtCzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=342757190
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2417076
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=1&barid={D40B5AE4-A5AC-11E1-9CAB-9827EBC11789}&q={searchTerms}&barid={D40B5AE4-A5AC-11E1-9CAB-9827EBC11789}
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..\SearchScopes\{EF9AE371-66DF-4B3C-B6A1-4A86078B2861}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=382950&p={searchTerms}
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-247997679-3088840132-2315766782-1000..\Run: [taskmsr] C:\Users\Piotrek\AppData\Roaming\taskmsr\taskmsr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-247997679-3088840132-2315766782-1001\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-21-247997679-3088840132-2315766782-1001\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-21-247997679-3088840132-2315766782-1001\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-21-247997679-3088840132-2315766782-1001\..Trusted Domains: sony.com ([]* in )
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)
O33 - MountPoints2\{281f1ccc-d46f-11e0-84f9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{281f1ccc-d46f-11e0-84f9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{281f1d30-d46f-11e0-84f9-b35e48e505c6}\Shell - "" = AutoRun
O33 - MountPoints2\{281f1d30-d46f-11e0-84f9-b35e48e505c6}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{4756a6e0-d472-11e0-a9c7-001d60746455}\Shell - "" = AutoRun
O33 - MountPoints2\{4756a6e0-d472-11e0-a9c7-001d60746455}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{4995d232-f271-11e0-b09a-001e101f859f}\Shell - "" = AutoRun
O33 - MountPoints2\{4995d232-f271-11e0-b09a-001e101f859f}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{4995d234-f271-11e0-b09a-001e101f859f}\Shell - "" = AutoRun
O33 - MountPoints2\{4995d234-f271-11e0-b09a-001e101f859f}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{a9df88df-f57b-11e0-9904-001d60746455}\Shell - "" = AutoRun
O33 - MountPoints2\{a9df88df-f57b-11e0-9904-001d60746455}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{af22a856-077d-11e1-884b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{af22a856-077d-11e1-884b-806e6f6e6963}\Shell\AutoRun\command - "" = J:\Autorun.exe
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6BE50C2B
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:1CE11B51

:Files
C:\Users\Piotrek\AppData\Roaming\F4
C:\ProgramData\HitmanPro
C:\ProgramData\8112

:Reg
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

:Commands
[emptytemp]


Click "Wykonaj skrypt" (Run Fix). Confirm the computer restart. Save the report that appears after the restart. Then run OTL again and click "Skanuj" (Run Scan).
Post the new OTL.txt log and the removal report.


Post by Sunnade, 19 Aug 2012, 00:34

@ UP - Huge thanks! After the reboot, the Ukash problem was gone! Here are the logs and the report from OTL :) Thank you so much once again :)

Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKU\S-1-5-21-247997679-3088840132-2315766782-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Backup.Old.Start Page| /E : value set successfully!
HKU\S-1-5-21-247997679-3088840132-2315766782-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-247997679-3088840132-2315766782-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-247997679-3088840132-2315766782-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8532a8b7-c06a-41bb-936a-8ce73e4711ed} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8532a8b7-c06a-41bb-936a-8ce73e4711ed}\ not found.
Registry value HKEY_USERS\S-1-5-21-247997679-3088840132-2315766782-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f999a48b-1950-4d81-9971-79018f807b4b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f999a48b-1950-4d81-9971-79018f807b4b}\ not found.
Registry key HKEY_USERS\S-1-5-21-247997679-3088840132-2315766782-1000\Software\Microsoft\Internet Explorer\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}\ not found.
Registry key HKEY_USERS\S-1-5-21-247997679-3088840132-2315766782-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
Registry key HKEY_USERS\S-1-5-21-247997679-3088840132-2315766782-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_USERS\S-1-5-21-247997679-3088840132-2315766782-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-247997679-3088840132-2315766782-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_USERS\S-1-5-21-247997679-3088840132-2315766782-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EF9AE371-66DF-4B3C-B6A1-4A86078B2861}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF9AE371-66DF-4B3C-B6A1-4A86078B2861}\ not found.
HKU\S-1-5-21-247997679-3088840132-2315766782-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-247997679-3088840132-2315766782-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-247997679-3088840132-2315766782-1000\Software\Microsoft\Windows\CurrentVersion\Run\\taskmsr deleted successfully.
C:\Users\Piotrek\AppData\Roaming\taskmsr\taskmsr.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-247997679-3088840132-2315766782-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-247997679-3088840132-2315766782-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-247997679-3088840132-2315766782-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-247997679-3088840132-2315766782-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-247997679-3088840132-2315766782-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-247997679-3088840132-2315766782-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-247997679-3088840132-2315766782-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-247997679-3088840132-2315766782-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
C:\Windows\Downloaded Program Files\swdir.inf moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{281f1ccc-d46f-11e0-84f9-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{281f1ccc-d46f-11e0-84f9-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{281f1ccc-d46f-11e0-84f9-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{281f1ccc-d46f-11e0-84f9-806e6f6e6963}\ not found.
File E:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{281f1d30-d46f-11e0-84f9-b35e48e505c6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{281f1d30-d46f-11e0-84f9-b35e48e505c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{281f1d30-d46f-11e0-84f9-b35e48e505c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{281f1d30-d46f-11e0-84f9-b35e48e505c6}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4756a6e0-d472-11e0-a9c7-001d60746455}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4756a6e0-d472-11e0-a9c7-001d60746455}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4756a6e0-d472-11e0-a9c7-001d60746455}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4756a6e0-d472-11e0-a9c7-001d60746455}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4995d232-f271-11e0-b09a-001e101f859f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4995d232-f271-11e0-b09a-001e101f859f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4995d232-f271-11e0-b09a-001e101f859f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4995d232-f271-11e0-b09a-001e101f859f}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4995d234-f271-11e0-b09a-001e101f859f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4995d234-f271-11e0-b09a-001e101f859f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4995d234-f271-11e0-b09a-001e101f859f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4995d234-f271-11e0-b09a-001e101f859f}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9df88df-f57b-11e0-9904-001d60746455}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9df88df-f57b-11e0-9904-001d60746455}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9df88df-f57b-11e0-9904-001d60746455}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9df88df-f57b-11e0-9904-001d60746455}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af22a856-077d-11e1-884b-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af22a856-077d-11e1-884b-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af22a856-077d-11e1-884b-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af22a856-077d-11e1-884b-806e6f6e6963}\ not found.
File J:\Autorun.exe not found.
ADS C:\ProgramData\TEMP:6BE50C2B deleted successfully.
ADS C:\ProgramData\TEMP:1CE11B51 deleted successfully.
========== FILES ==========
C:\Users\Piotrek\AppData\Roaming\F4\EmpireOfSports folder moved successfully.
C:\Users\Piotrek\AppData\Roaming\F4 folder moved successfully.
C:\ProgramData\HitmanPro\Quarantine folder moved successfully.
C:\ProgramData\HitmanPro folder moved successfully.
C:\ProgramData\8112 folder moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"|"{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"|"{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"|"{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Piotrek
->Temp folder emptied: 143244634 bytes
->Temporary Internet Files folder emptied: 1319894 bytes
->Java cache emptied: 330230885 bytes
->Google Chrome cache emptied: 120087597 bytes
->Opera cache emptied: 21542267 bytes
->Flash cache emptied: 1472 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8142123 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 58985770 bytes
RecycleBin emptied: 150942 bytes

Total Files Cleaned = 652,00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08192012_001451

Files\Folders moved on Reboot...
C:\Users\Piotrek\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Piotrek\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...


OTL logfile created on: 2012-08-19 00:25:08 - Run 2
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Piotrek\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 39,47% Memory free
4,23 Gb Paging File | 2,78 Gb Available in Paging File | 65,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50,00 Gb Total Space | 8,42 Gb Free Space | 16,83% Space Free | Partition Type: NTFS
Drive D: | 182,88 Gb Total Space | 46,96 Gb Free Space | 25,68% Space Free | Partition Type: NTFS

Computer Name: PIOTREK-PC | User Name: Piotrek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-08-17 23:59:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Piotrek\Downloads\OTL.exe
PRC - [2012-08-14 06:31:01 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012-08-03 07:52:14 | 000,874,896 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012-03-07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011-12-03 19:58:26 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011-08-03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-08-03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-08-14 06:30:59 | 000,442,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppgooglenaclpluginchrome.dll
MOD - [2012-08-14 06:30:57 | 003,997,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll
MOD - [2012-08-14 06:29:28 | 000,144,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\avutil-51.dll
MOD - [2012-08-14 06:29:27 | 000,266,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\avformat-54.dll
MOD - [2012-08-14 06:29:26 | 002,480,680 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\avcodec-54.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2012-05-29 17:37:58 | 000,035,680 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:[b]64bit:[/b] - [2012-03-07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:[b]64bit:[/b] - [2008-01-19 10:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2008-01-19 10:00:52 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-08-14 23:04:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-05-29 17:38:00 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012-05-29 17:37:58 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011-12-03 19:58:26 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011-08-03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-08-03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-04-25 05:55:00 | 004,066,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-03-30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012-03-14 08:40:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\epfwwfpr.sys -- (epfwwfpr)
DRV:[b]64bit:[/b] - [2012-03-14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\eamonm.sys -- (eamonm)
DRV:[b]64bit:[/b] - [2012-03-14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2012-02-29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2010-06-23 10:21:34 | 000,318,568 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:[b]64bit:[/b] - [2010-04-28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:[b]64bit:[/b] - [2009-10-01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:[b]64bit:[/b] - [2008-01-19 09:09:56 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:[b]64bit:[/b] - [2005-03-29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2012-02-09 13:16:38 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2005-01-01 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page =
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =



[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3:  File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-06-28 09:10:09 | 000,000,000 | ---D | M]


[color=#E56717]========== Chrome  ==========[/color]

CHR - homepage: http://search.bearshare.net
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.bearshare.net
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Piotrek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Piotrek\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: SpeedDial = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\

O1 HOSTS File: ([2006-09-18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:[b]64bit:[/b] - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-247997679-3088840132-2315766782-1000..\Run: [Akamai NetSession Interface] "C:\Users\Piotrek\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-21-247997679-3088840132-2315766782-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-247997679-3088840132-2315766782-1001..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-247997679-3088840132-2315766782-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.134.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A821BE7-CDDF-42E4-9A1E-022A98136C0A}: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\avldr: DllName - (avldr64.dll) -  File not found
O22:[b]64bit:[/b] - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O27:[b]64bit:[/b] - HKLM IFEO\hpcustpartic.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:[b]64bit:[/b] - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:[b]64bit:[/b] - HKLM IFEO\photoproduct.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:[b]64bit:[/b] - HKLM IFEO\uninst.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\hpcustpartic.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\photoproduct.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\uninst.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-08-19 00:14:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-08-19 00:12:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012-08-18 01:12:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012-08-18 01:11:26 | 000,035,680 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012-08-18 01:11:26 | 000,029,024 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012-08-18 01:09:19 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012-08-18 01:09:14 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012-08-18 01:09:14 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012-08-18 01:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012-08-18 01:08:51 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\TuneUp Software
[2012-08-18 01:08:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012-08-18 01:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012-08-18 01:07:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012-08-17 23:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Checker
[2012-08-17 23:52:58 | 000,081,408 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\devcon_x64.exe
[2012-08-17 23:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Checker
[2012-08-16 11:41:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012-08-16 11:41:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012-08-16 11:41:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012-08-16 11:41:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012-08-16 11:41:45 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012-08-16 11:41:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012-08-16 11:41:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012-08-16 11:41:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012-08-16 11:41:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012-08-16 11:41:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012-08-16 11:41:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012-08-16 11:41:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012-08-16 11:41:41 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012-08-15 22:11:31 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\Mozilla
[2012-08-15 22:10:21 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\Documents\The Lord of the Rings Online
[2012-08-15 22:10:21 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\The Lord of the Rings Online
[2012-08-15 21:53:11 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\Turbine
[2012-08-15 21:43:26 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\ApplicationHistory
[2012-08-15 21:40:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2012-08-15 21:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine
[2012-08-15 18:57:35 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\Documents\FIFA 12
[2012-08-15 09:44:03 | 000,788,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012-08-15 09:44:02 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2012-08-15 09:43:41 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012-08-13 15:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\media center programs
[2012-08-08 19:51:02 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\Documents\Diablo III
[2012-08-08 11:52:08 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\MusicNet
[2012-08-08 11:51:51 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\Documents\My Received Files
[2012-08-06 22:50:13 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\Audacity
[2012-08-02 16:28:34 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\Desktop\vat
[2012-08-01 17:14:21 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\Awesomium
[2012-08-01 17:13:38 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\Documents\BrawlBusters
[2012-08-01 17:11:18 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brawl Busters
[2012-08-01 15:06:50 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\F4
[2012-08-01 15:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\F4
[2012-07-30 21:51:31 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\PowerChallenge
[2012-07-29 19:14:17 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\PMB Files
[2012-07-29 19:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-08-19 00:20:48 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-08-19 00:20:48 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-08-19 00:18:13 | 000,003,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-08-19 00:18:12 | 000,003,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-08-19 00:18:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-08-19 00:05:50 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-08-16 11:47:33 | 000,377,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-08-16 11:27:12 | 000,000,836 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012-08-15 21:43:26 | 000,000,095 | ---- | M] () -- C:\Users\Piotrek\AppData\Local\fusioncache.dat
[2012-08-15 21:43:01 | 001,558,198 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-08-15 21:43:01 | 000,684,860 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012-08-15 21:43:01 | 000,607,470 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-08-15 21:43:01 | 000,137,080 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012-08-15 21:43:01 | 000,108,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-08-15 21:39:20 | 000,000,715 | ---- | M] () -- C:\Users\Piotrek\Desktop\The Lord of the Rings Online.lnk
[2012-08-14 23:48:11 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012-08-14 23:04:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-08-14 23:04:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-08-07 11:34:45 | 001,503,948 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-08-06 22:38:58 | 000,384,835 | ---- | M] () -- C:\Users\Piotrek\AppData\Local\speeddial.crx
[2012-07-29 22:51:23 | 000,031,744 | ---- | M] () -- C:\Users\Piotrek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-07-25 11:48:07 | 000,551,426 | ---- | M] () -- C:\Users\Piotrek\Desktop\Scan.pdf
[2012-07-23 10:52:50 | 000,044,542 | ---- | M] () -- C:\Users\Piotrek\Desktop\PotwierdzenieTransakcji_20120723_105153.pdf

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-08-18 01:09:10 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012-08-16 11:27:12 | 000,000,836 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012-08-15 21:43:26 | 000,000,095 | ---- | C] () -- C:\Users\Piotrek\AppData\Local\fusioncache.dat
[2012-08-15 21:39:20 | 000,000,715 | ---- | C] () -- C:\Users\Piotrek\Desktop\The Lord of the Rings Online.lnk
[2012-08-06 22:39:10 | 000,384,835 | ---- | C] () -- C:\Users\Piotrek\AppData\Local\speeddial.crx
[2012-07-25 11:48:06 | 000,551,426 | ---- | C] () -- C:\Users\Piotrek\Desktop\Scan.pdf
[2012-07-23 10:52:50 | 000,044,542 | ---- | C] () -- C:\Users\Piotrek\Desktop\PotwierdzenieTransakcji_20120723_105153.pdf
[2012-06-15 16:27:44 | 001,558,198 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-05-28 09:23:37 | 000,005,504 | ---- | C] () -- C:\Users\Piotrek\ksw32.lc
[2011-12-03 19:58:34 | 000,270,240 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011-12-03 19:58:26 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011-10-21 17:58:20 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011-09-25 07:46:23 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011-09-24 23:24:04 | 000,000,872 | RHS- | C] () -- C:\Users\Piotrek\ntuser.pol
[2011-09-24 18:43:13 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011-09-24 18:42:18 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011-09-24 18:41:35 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011-09-08 08:56:47 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2011-09-01 16:48:25 | 000,031,744 | ---- | C] () -- C:\Users\Piotrek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-09-01 13:53:44 | 000,000,000 | ---- | C] () -- C:\Users\Piotrek\AppData\Roaming\chrtmp
[2011-09-01 13:47:05 | 000,000,680 | ---- | C] () -- C:\Users\Piotrek\AppData\Local\d3d9caps.dat
[2011-09-01 10:12:48 | 000,001,460 | ---- | C] () -- C:\Users\Piotrek\AppData\Local\d3d9caps64.dat
[2011-08-03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[color=#E56717]========== LOP Check ==========[/color]

[2012-06-06 13:46:08 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Aeria Games & Entertainment
[2011-11-22 10:45:18 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\All Free Disc Burner
[2012-08-07 12:57:19 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Audacity
[2012-08-13 18:10:02 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Awesomium
[2011-10-09 20:54:13 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\blueconnect
[2012-08-17 23:01:51 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\DAEMON Tools Lite
[2012-08-17 23:01:51 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\DAEMON Tools Pro
[2011-11-23 04:31:21 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\DMCache
[2012-04-07 16:45:40 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\FOG Downloader
[2012-07-05 06:37:56 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Gadu-Gadu 10
[2011-11-23 04:31:52 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\IDM
[2011-11-30 19:13:32 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\LolClient
[2012-06-23 11:36:08 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\LolClient2
[2012-08-08 11:52:08 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\MusicNet
[2011-11-05 09:09:24 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\OpenCandy
[2011-10-23 19:57:36 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\OpenFM
[2011-09-01 13:43:48 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Opera
[2012-01-13 01:21:57 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Origin
[2012-06-28 09:06:29 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Panda Security
[2012-03-10 22:18:19 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\PhotoScape
[2012-03-29 11:42:00 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Podatnik.info
[2011-11-05 15:35:18 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Sports Interactive
[2011-11-16 00:48:29 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Systweak
[2012-08-19 00:14:52 | 000,000,000 | RHSD | M] -- C:\Users\Piotrek\AppData\Roaming\taskmsr
[2011-11-03 09:13:22 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Three Rings Design
[2012-05-22 22:08:37 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Tibia
[2012-05-16 07:30:02 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Tibiacast
[2012-08-18 01:08:51 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\TuneUp Software
[2012-02-11 13:22:38 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Unity
[2011-09-01 22:44:11 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\VS Revo Group
[2012-06-10 13:38:00 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\wargaming.net
[2012-08-19 00:15:48 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



< End of report >

Post by defacto19, 19 Aug 2012, 10:55

Run OTL and paste the following into the (Custom Scans/Fixes) section:

:OTL
O4 - HKU\S-1-5-21-247997679-3088840132-2315766782-1000..\Run: [Akamai NetSession Interface] "C:\Users\Piotrek\AppData\Local\Akamai\netsession_win.exe" File not found
O27:64bit: - HKLM IFEO\hpcustpartic.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\photoproduct.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\uninst.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\hpcustpartic.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\photoproduct.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\uninst.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
[2011-11-05 09:09:24 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\OpenCandy
[2012-08-19 00:14:52 | 000,000,000 | RHSD | M] -- C:\Users\Piotrek\AppData\Roaming\taskmsr
[2012-08-19 00:20:48 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-08-19 00:20:48 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-08-19 00:05:50 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

:Commands
[emptytemp]


Click Run Fix. Confirm the computer restart. Save the report that appears after the restart and post it on the forum.

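An added example, not part of the thread and not OTL's own code: a small Python parser for the file-listing lines of the OTL log posted above, with two review heuristics that are assumptions of this example. It shows how an entry such as the `RHSD` folder `taskmsr` can be surfaced among the ordinary `---D` folders of the LOP Check section.

```python
import re

# One OTL file-listing line: [timestamp | size | attrs | C/M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
SYSTEM_DIRS = ("\\windows\\sysnative\\", "\\windows\\syswow64\\", "\\windows\\system32\\")

def parse_line(line):
    """Return a dict for an OTL file-listing line, or None for headers/other text."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["attrs"] = set(entry["attrs"]) - {"-"}   # e.g. "RHSD" -> {"R","H","S","D"}
    return entry

def triage(entry):
    """Heuristic review flags (assumptions of this example, not OTL verdicts)."""
    flags = []
    path = entry["path"].lower()
    if {"H", "S", "D"} <= entry["attrs"] and "\\appdata\\" in path:
        flags.append("hidden+system folder inside a user profile")
    if (entry["company"] == "" and path.endswith((".exe", ".dll", ".sys"))
            and any(d in path for d in SYSTEM_DIRS)):
        flags.append("binary without company name in a system directory")
    return flags

def review(log_text):
    """Map path -> flags for every parsable line that raised at least one flag."""
    out = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            flags = triage(entry)
            if flags:
                out.setdefault(entry["path"], flags)
    return out

# Sample lines copied from the OTL log posted in this thread.
SAMPLE = r"""
[color=#E56717]========== LOP Check ==========[/color]
[2012-08-08 11:52:08 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\MusicNet
[2012-08-19 00:14:52 | 000,000,000 | RHSD | M] -- C:\Users\Piotrek\AppData\Roaming\taskmsr
[2011-09-24 23:24:04 | 000,000,872 | RHS- | C] () -- C:\Users\Piotrek\ntuser.pol
[2011-12-03 19:58:26 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012-08-16 11:41:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
"""

if __name__ == "__main__":
    for path, flags in review(SAMPLE).items():
        print(path, "->", "; ".join(flags))
```

A flag is a prompt for manual review, not a verdict: `PnkBstrA.exe` is flagged only because the log lists no company name for it.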




Post by Sunnade, 19 Aug 2012, 20:17

Here you go, I'm posting the report, and once again thank you very much for the help and for giving me your private time :)

Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-247997679-3088840132-2315766782-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hpcustpartic.exe\ deleted successfully.
C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hpwucli.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photoproduct.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninst.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hpcustpartic.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hpwucli.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photoproduct.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninst.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
C:\Users\Piotrek\AppData\Roaming\OpenCandy\OpenCandy_462CD61858EF4FC5BA01C499E5C905A3 folder moved successfully.
C:\Users\Piotrek\AppData\Roaming\OpenCandy\462CD61858EF4FC5BA01C499E5C905A3 folder moved successfully.
C:\Users\Piotrek\AppData\Roaming\OpenCandy folder moved successfully.
C:\Users\Piotrek\AppData\Roaming\taskmsr folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Piotrek
->Temp folder emptied: 4500058 bytes
->Temporary Internet Files folder emptied: 992881 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 233994026 bytes
->Opera cache emptied: 19284784 bytes
->Flash cache emptied: 650 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 15009600 bytes
%systemroot%\System32 (64bit) .tmp files removed: 23506688 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 503917494 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 764,00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08192012_201051

Files\Folders moved on Reboot...
C:\Users\Piotrek\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Piotrek\AppData\Local\Temp\INS_d2969472.TMP not found!
File\Folder C:\Windows\SysNative\SET2EBD.tmp not found!
File\Folder C:\Windows\SysNative\SET4450.tmp not found!
File\Folder C:\Windows\SysNative\SET800C.tmp not found!
File\Folder C:\Windows\SysNative\SET80CC.tmp not found!

PendingFileRenameOperations files...
File C:\Users\Piotrek\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Piotrek\AppData\Local\Temp\INS_d2969472.TMP not found!
File C:\Windows\SysNative\SET2EBD.tmp not found!
File C:\Windows\SysNative\SET4450.tmp not found!
File C:\Windows\SysNative\SET800C.tmp not found!
File C:\Windows\SysNative\SET80CC.tmp not found!

Registry entries deleted on Reboot...

Post by defacto19, 20 Aug 2012, 16:47

Run OTL and use the CleanUp option.

Run AdwCleaner with the Delete option.
(After the computer restarts, run AdwCleaner once more and click the Uninstall button.)

Install the updates for the programs that Security Check reported as out of date.